cvs (SSA:2004-161-01)

New cvs packages that have been upgraded to cvs-1.11.17 are available for Slackware 8.1, 9.0, 9.1, and -current to fix various security issues. Sites running a CVS server should upgrade to the new CVS package right away.

More details about the issues may be found in the CommonVulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0414

Here are the details from the Slackware 9.1 ChangeLog:+--------------------------+Wed Jun 9 11:35:15 PDT 2004patches/packages/cvs-1.11.17-i486-1.tgz: Upgraded to cvs-1.11.17. From the cvs NEWS file: * Thanks to Stefan Esser Sebastian Krahmer, several potential security problems have been fixed. The ones which were considered dangerous enough to catalogue were assigned issue numbers CAN-2004-0416, CAN-2004-0417, CAN-2004-0418 by the Common Vulnerabilities and Exposures Project. Please see http://www.cve.mitre.org for more information. * A potential buffer overflow vulnerability in the server has been fixed. This addresses the Common Vulnerabilities and Exposures Project's issue CAN-2004-0414. Please see <http://www.cve.mitre.org> for more information. (* Security fix *)+--------------------------+